CVE-2014-0672
https://notcve.org/view.php?id=CVE-2014-0672
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. La interfaz Search and Play en Cisco MediaSense no aplica correctamente los requerimientos de autorización, lo que permite a usuarios remotos autenticados descargar registros arbitrarios a través de una petición hacia esta interfaz. • http://osvdb.org/102342 http://secunia.com/advisories/56600 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0672 http://tools.cisco.com/security/center/viewAlert.x?alertId=32516 http://www.securityfocus.com/bid/65054 http://www.securitytracker.com/id/1029668 https://exchange.xforce.ibmcloud.com/vulnerabilities/90616 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5502
https://notcve.org/view.php?id=CVE-2013-5502
The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344. El interfaz web en Cisco MediaSense no protege correctamente el canal de comunicación cliente-servidor, los cual permite a atacantes remotos obtener petición sensible de texto o información de las cookies a través de vectores no especificados, aka Bug ID CSCuj23344. • http://osvdb.org/97532 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5502 http://tools.cisco.com/security/center/viewAlert.x?alertId=30934 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5501
https://notcve.org/view.php?id=CVE-2013-5501
Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. Vulnerabilidad de Cross-site Scripting (XSS) rn la página oraservice de Cisco MediaSense permite a atcantes remotos inyectar web scripts HMTL arbitrarios a través de un parámetro sin espefcar. Conocido BUG ID CSCuj23328. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5501 http://www.securityfocus.com/bid/62574 http://www.securitytracker.com/id/1029064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5500
https://notcve.org/view.php?id=CVE-2013-5500
Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. Multiples vulnerabilidades scripting (XSS) en la página del servicio oraadmin service en Cisco MediaSense permite a atacantes remotos inyectar web scripts HTML arbitrarios a través de un parámetro sin especificar, conocidos bugs IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5500 http://www.securityfocus.com/bid/62575 http://www.securitytracker.com/id/1029064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •